skip navigation

More signal. Less noise.

Daily briefing.

Whether or not they actually directed it (probably not, say informed observers) ISIS is using the Texas cartoon exhibit shooting for recruiting and information operations.

Ransomware's latest entry, AlphaCrypt, looking like TeslaCrypt but with Cryptowall-like functionality, is being distributed by the Angler exploit kit.

Dyre gets more elusive.

IOActive reports a (now patched) privilege-escalation vulnerability in Lenovo PCs.

Onapsys outlines three ways known SAP vulnerabilities are being exploited to compromise enterprises.

Cybercriminals generally are adopting some of the evasion and persistence long associated with espionage in their capers.

Krebs reports that stolen credentials are showing up for sale on PayIvy (which accepts PayPal).

Trend Micro offers an interesting overview of steganography and its uses in concealing malware.

Passcode reports on "the identity economy" as seen from ID360.

Cyber insurance is expected soon to become as common, in the UK at least, as property insurance.

A partnership between Lockheed Martin and Cybereason is seen as paralleling Raytheon's similar move with Websense.

Another Chinese antivirus vendor, Tencent, joins Qihoo in the gallery of those accused of gaming AV tests.

Lawfare sees the "full glare of European hypocrisy" over privacy and surveillance in French collection legislation and accusations that Germany's BND snooped on friendly nations and corporations. The French surveillance program will be interesting — it's doubtful anyone will be able to cope with the terabytes it's expected to collect. The alleged hypocrisy may be dazzling, but the glare-of-war in cyberspace surely will be. Get some sunglasses to go with that Phrygian cap, Marianne.

Notes.

Today's issue includes events affecting Australia, China, France, Germany, Iraq, Nauru, Russia, Syria, Ukraine, United Kingdom, United States.

Cyber Attacks, Threats, and Vulnerabilities

Did ISIS Really Mastermind Texas Shooting? Experts Doubtful (Time) "What proof has ISIS offered?" said one longtime member of the CIA

ISIS Message Warns of 71 'Trained Soldiers' in 15 U.S. States, 23 'Signed Up for Missions' (PJMedia) A new warning from a purported American jihadist details specific levels of ISIS fighters in the U.S. — as well as targeted states — in the wake of the attack in Garland, Texas

New AlphaCrypt ransomware delivered via Angler EK (Help Net Security) Yet another type of ransomware has been detected by malware researchers. Dubbed AlphaCrypt, it appropriates the look of TeslaCrypt, but operates similarly to Cryptowall 3.0

Dyre Malware Developers Add Code to Elude Detection by Analysis Tools (eWeek) As more companies deploy sandbox technology to catch advanced malware, many attackers are adding code to their programs to detect if the attack is running in a virtual machine

Updated: PC maker Lenovo exposes users to "massive security risk" (SC Magazine) World number one PC maker Lenovo has been accused of running a "massive security risk" because flaws in its online product update service allow hackers to download malware onto its users' systems through a man-in-the-middle (MiTM) attack

3 Ways Attackers Will Own Your SAP (Dark Reading) SAP vulnerabilities that have been highlighted for years are now becoming attackers' favorite means of breaking into enterprises

Cybercriminals borrow from APT playbook in attack against PoS vendors (IDG via CSO) Cybercriminals are increasingly copying cyberespionage groups in using targeted attacks against their victims instead of large-scale, indiscriminate infection campaigns

Ukrainian Bitcoin Exchange Reports Hack (Bitcoin News Service) Ukrainian Bitcoin Exchange BTCTRADE.com.ua recently announced the discontinuation of its services after confirming to have been hacked

PayIvy Sells Your Online Accounts Via PayPal (KrebsOnSecurity) Normally, if one wishes to buy stolen account credentials for paid online services like Netflix, Hulu, XBox Live or Spotify, the buyer needs to visit a cybercrime forum or drop into a dark Web marketplace that only accepts Bitcoin as payment. Increasingly, however, these accounts are showing up for sale at Payivy[dot]com, an open Web marketplace that happily accepts PayPal in exchange for a variety of stolen accounts

How someone spent "pennies" to troll women, people of color via promoted tweets (Ars Technica) Games system to "generate negative reactions to ad campaigns," overcomes blocks

Hospital group criticized for emailing health information (CSO) Partners should have known better than to allow employees to send sensitive patient data via emal

Microsoft Word Intruder — the malware that writes new malware for you (Naked Security) Malware construction kits aren't new

Steganography and Malware: Why and How (TrendLabs Security Intelligence Blog) Threats that can evade detection are among the most dangerous kind we're facing today. We see these characteristics in the most challenging security issues like targeted attacks and zero-day exploits. Being able to stay hidden can determine the success of an attack, making it something that attackers continuously want to achieve. In this series of blog posts, we will take a look at one of the techniques used by cybercriminals to evade detection and analysis

Security Patches, Mitigations, and Software Updates

ICU Project Overflow Vulnerabilities Patched (Threatpost) Multitudes of software packages that make use of the ICU Project C/C++ and Java libraries may need to update after a pair of memory-based vulnerabilities were discovered and subsequently patched

Windows 10 spells the end of Patch Tuesday (Help Net Security) Microsoft is ready to abandon the longstanding patching schedule that saw patches and security updates being delivered on the second Tuesday of every month. With the advent of Windows 10, security updates and other software innovations will be pushed to PCs, tablets and phones as soon as they are ready

8 Linux Security Improvements In 8 Years (InformationWeek) Linux started getting really serious about security in 2007, and it has made big strides in the past three years. As open-source code faces more threats, Linux can't rest on its laurels

Cyber Trends

Exploring the identity economy (Christian Science Monitor Passcode) From the black market to the consumer protection business boom

Breach Detection, Prevention Harder Than 2 Years Ago Despite Security Spending: Survey (SecurityWeek) A new report from Enterprise Strategy Group found that many enterprises feel breach prevention and detection is more difficult today than two years ago

IT Chiefs Lack Security Confidence (Infosecurity Magazine) IT chiefs have a deep lack of confidence in their security technologies — and suffer a lack of the people and processes to implement new ones

When the Cost of Convenience is Compromise (Information Security Buzz) We live in a world where everyone expects instant, always-on access to information where if you haven't already got 'an app for that', you can download one within minutes. Alongside every development team are user interface and graphic designers as well as user experience experts. Product Management and Product Marketing think as much about ease-of-use as they do about features

Crimeware infects one-third of computers worldwide (Help Net Security) The APWG reports that during the 4th quarter of 2014, a record number of crimeware variants were detected, a strategy of overwhelming proliferation of variations designed to defeat antivirus software. Meanwhile, phishers increasingly targeted retail and service sites, hoping to take advantage of the burgeoning numbers of online shoppers

Data security in the payments ecosystem (Help Net Security) Experian Data Breach Resolution and the Ponemon Institute asked professionals to weigh in on several topics including who should be responsible for securing payment systems and how effective their organizations is in preparing for and responding to a payment card breach

The enduring chasm between security teams and developers (Help Net Security) The gap between application builders (developers and development organizations) and defenders (security and operations teams responsible for securing apps) is closing slightly, according to SANS

Marketplace

Cyber insurance to become a business essential within the next decade (Politics Home) Cyber insurance should become as common a purchase for UK businesses as property insurance within the next 10 years, the Association of British Insurers (ABI) said today

Cybereason Lands $25M Funding, Partnership With Lockheed Martin; Look Out, Raytheon And Websense (CRN) Less than a month after defense contractor Raytheon announced its intent to acquire security software maker Websense for $1.9 billion, its competitors are stepping up, with Lockheed Martin signing a partnership and strategic investment with real-time threat detection company Cybereason

Another anti-virus vendor caught cheating in independent tests (Graham Cluley) Tencent is the latest Chinese software company developing an anti-virus product to have been censured by independent testing agencies in less than a week

FireEye (NASDAQ:FEYE), Symantec Corporation (NASDAQ:SYMC) or Checkpoint Corporation (NASDAQ:CHKP) — Which Stock is Better? (Wall Street) With some huge investments and mega advancements in the field, cyber technology is the new fish in the market. More and more companies are going for cyber marketing and are maintaining their entire databases online. All the companies have invested big time in the intranet systems and with that the companies need to ensure whether their data will be safe or not. This is where Cyber security comes in handy

FireEye: Increasing Dominance In The Cybersecurity Arena (Seeking Alpha) FireEye reported great Q1 results, continuing to extend its dominance in the burgeoning cybersecurity industry. FireEye's exceptional platform has allowed it to dramatically increase its customer acquisitions and cement its brand presence. While FireEye is growing at a stunning rate, there are some risks associated with the company as it continues to burn through cash

Lookingglass Cyber Solutions Just Had Published Form D About $21.00 million Financing (Octa Finance) Lookingglass Cyber Solutions, Inc., Corporation just filed form D announcing $21.00 million financing. Lookingglass Cyber Solutions was able to fundraise $19.81 million. That is 94.35% of the offering. The total private financing amount was $21.00 million. The financing form was filled on 2015-04-16. The reason for the financing was: unspecified. The fundraising still has about $1.19 million more and is not closed yet. We have to wait more to see if the offering will be fully taken

Gartner Names Sansa Security as a "Cool Vendor" in the Internet of Things for 2015 (MarketWatch) Leading global information technology research firm Gartner recognizes Sansa Security for innovation in the Internet of things in its annual "Cool Vendors" in Internet of Things, 2015 Report

SentinelOne Named Top Company by CISO Panel at Security Current's High Stakes Competition (BusinessWire) New execution inspection approach to endpoint security deemed most innovative technology

One airman's story: Certified in cybersecurity (Air Force Times) In his 16 years in the Air Force, cyber systems operator Tech. Sgt. Kanakaokekai Namauu has enjoyed working in a rapidly changing career field that's pushed him to keep on top of the latest changes in cybersecurity vulnerabilities

James Carder Leaves Mayo Clinic for CISO Role at LogRhythm (Wall Street Journal) James Carder, former director of security informatics at Mayo Clinic, has left the health-care sector to join security vendor LogRhythm as chief information security officer

Merged Accuvant-FishNet Security hire first CIO (Kansas City Business Journal) The company formed by the merger of Denver-based Accuvant Inc. and Overland Park, Kansas-based FishNet Security Inc. has hired a new chief information officer

HyTrust Appoints Bill Aubin as Federal Sales VP; Rudy Cifolelli Comments (GovConWire) Bill Aubin, formerly vice president of CounterTack's federal business, has joined HyTrust as VP for federal sales and brings almost 20 years of technology sales experience in the private and public sectors

Products, Services, and Solutions

Comcast Cable Selects Bay Dynamics for Threat Detection with the Risk Fabric Platform (Bay Dynamics) Bay Dynamics®, the leading provider of cybersecurity solutions and actionable risk intelligence to the world's largest organizations, today announced that Comcast Cable is leveraging the company's Risk Fabric® Platform for continuous threat detection and response. With Bay Dynamics as a trusted partner, Comcast has increased the efficiency and responsiveness of its security teams and established the pillars of an automated internal security awareness training program

Microsoft LAPS Tool Tackles Common Local Admin Password Problem (Threatpost) Microsoft's release last week of the Local Administrator Password Solution (LAPS) takes some steps to address an old question of what to do with local admin passwords, but doesn't provide a complete answer, experts said

Mobile Call Interception Is a Threat to Law Enforcement (Charon Technologies) Despite the efforts of law enforcement and government agencies to conceal their use of IMSI catchers (also known as stingrays) this cat is long out of the bag and several miles down the road. However, what the somewhat outraged general public may not understand is that this mobile call interception technology has already evolved to the point where it is affordable to many people and organizations around the world, not just first-world government agencies. Mobile call interception devices can now be easily built and assembled by non-government personnel with decent technical know-how. It is frightening to think that criminal organizations now have many of the same surveillance capabilities as the authorities do. So, what does all this mean for law enforcement itself?

Bitdefender's BOX Acts As Watchdog Over Your Home Hardware Security (PSFK) Antivirus software developer Bitdefender presents its all-in-one hardware solution for home networks

ThreadFix Elevates Application Security Concerns to C-Suite through Governance, Regulatory and Compliance (BusinessWire) Key enhancements provide organizations with the ability to assess vulnerabilities and prioritize risks in real time; supporting IAST, CLM and GRC technologies

A10 Networks Extends Advanced Application Delivery and Security With Microsoft Azure (MarketWatch) A10 vThunder ADC provides Azure customers with dynamic L4-L7 application services in the cloud to enable extensibility, increased agility and lower TCO

Qualys Releases "Vulnerability Management for Dummies, Second Edition" ( Marketwired via CNN Money) New ebook provides latest insights on how to implement a successful vulnerability management program with continuous monitoring

Automating incident response lets IDT take battle to the enemy (CSO via CIO) By automating the incident response process, IDT was able to reduce the time before the infection was quarantined, shorten the remediation cycle, reduce investigation time, and free up security staff to go after the bad guys themselves

Facebook joins forces with RiskIQ to step on malvertising (Inquirer) Social network rolls deep with insecurity firm tie up

Tests Show Mac Antivirus Software is Keeping up With Growing Threats (PC Magazine) The AV-Test independent testing labs are all about busting antivirus myths with cold, hard, reported facts

ShoCard Is A Digital Identity Card On The Blockchain (TechCrunch) Meet ShoCard, a startup that stores your identity onto bitcoin's blockchain so that you can prove your identity whenever you need to. ShoCard wants to replace cumbersome bank and credit card identification processes with something much more secure and practical. The startup is launching on stage today at Disrupt NY

Technologies, Techniques, and Standards

You're Under Attack! Eight Ways to Know for Sure (McAfee Blog Central) The parade of breaches, attacks and various other digital maladies hitting corporations in 2014 made it clear that default, out-of-the-box compliance and security isn't enough to protect organizations. But the nature of advanced persistent threats (APTs), and other forms of malware, makes it difficult to find an investment that can keep the next threat from growing into the next breach

Launching a Software Security Assurance Program — What does it take? (Cyber Security Caucus) It continues to surprise me when speaking to firms that have otherwise mature information security programs but haven't stood up a software security assurance function within their organizations. This is especially surprising given the prevalence of attacks exploiting application security weaknesses. Granted, funding is required and establishing a capability is not easy to do. However, I feel it's almost negligent if you don't do so in today's threat environment. In this post I'm going to share the steps we took at my previous firm to establish a software security assurance program and share some resources that can help. The Fortify team,ESS, and our Partners all have excellent professional application security services. We recommend the use of these services whenever a client is setting up their program

Six questions to ask before buying enterprise MDM products (TechTarget) Mobile device management can be a crucial part of enterprise security. Expert Matt Pascucci presents the key questions to ask when investigating MDM products

Deconstructing Mobile Fraud Risk (Dark Reading) Today's enterprise security solutions don't do enough to manage BYOD risk, credit card theft and the reputational damage resulting from a major data breach

What are the Sarbanes-Oxley requirements for social media? (TechTarget) Enterprise social media policies should be sure to meet Sarbanes-Oxley requirements. Expert Mike Chapple explains the specific requirements

Apple confirms: tattooed wrists confuse Watch (Naked Security) Apple has stepped up to the tattoo-gate fray, confirming that some wrist tattoos can block its Watch from measuring heart rates

Research and Development

How the NSA's speech-to-text ability keeps getting better every year (Ars Technica) "RHINEHART now operates across a wide variety of missions and languages"

Academia

Tech cyber engineering, computer science students prepare for 'Cyber Storm' (KNOE 8 News) A "Cyber Storm" warning has been issued for Louisiana Tech University for Friday, May 15th. Student teams will engage in a fierce battle in cyberspace to test their skills in network defense and attack strategies

IT Careers: How to Become an Information Security Analyst (Information Security Buzz) To become a security analyst, you need specialized classes that aren't often taken as an entry-level staffer. These classes will prepare you for high-paying jobs with firms that need strong security personnel

Legislation, Policy, and Regulation

The Full Glare of European Hypocrisy on Surveillance (Lawfare) In case you needed a refresher course on European hypocrisy on surveillance and data privacy, the New York Times today obliges with two stories over which the connoisseur of human folly ought really to pause. The first involves the adoption by France's lower parliamentary house of a new surveillance law so broad and so lacking in judicial review that it makes NSA's legal authorities look like a straight jacket

Germany, Too, Is Accused of Spying on Friends (New York Times) Chancellor Angela Merkel said in 2013, "Spying among friends — that is simply not done." Now a German agency has been accused of monitoring European companies and maybe individuals

France Is One Step Closer To Adopting Extensive Surveillance Law (TechCrunch) Following Charlie Hebdo's attacks, the French Government has been tirelessly working to draft and vote a new intelligence law that goes way too far

Le Petit Problème With France's New Big Brother (Foreign Policy) Can French intelligence agencies handle the terabytes of data that they just got permission to collect?

Law Enforcement Finding Few Allies On Encryption (Dark Reading) Cloud providers, mobile device manufacturers, private citizens, and a bipartisan Congressional committee are lining up on the opposite side

Australian lawyers, activists coached in cryptography familiar to Nauru detainees (Radio Australia) As people on Nauru are seeing their online communication with the outside severely curtailed with the shutdown of Facebook, and other undisclosed social media sites, lawyers and civil society groups in Australia, as well as Nauru detainees, are staying one step ahead

Can counter-terrorism lessons inform cyber ops?: The fight shapes structure (Foreign Policy) In the early days of the fight against al Qaeda in Iraq (AQI), those within the Special Operations community tasked specifically with counterterrorism missions spent countless personnel-hours gathering intelligence about al Qaeda. As an AQI member was identified or detained, we sought immediate answers

Is cyber-warfare really that scary? (BBC) On 7 December 1941, Japanese aircraft attacked the American naval base at Pearl Harbor, Hawaii. The attack was surprising, devastating, and drew the US into World War Two

New military chief is 'strategist,' not cyber expert (The Hill) President Obama's pick to become the nation's next top military officer, Marine Gen. Joseph Dunford Jr., bucks a recent trend of cyber-focused appointments

Litigation, Investigation, and Law Enforcement

Twitter challenge to U.S. national security probes moves forward (San Jose Mercury News) A federal judge on Tuesday weighed the Obama administration's attempt to sidetrack Twitter's legal challenge to the government's tight lid on national security investigations that reach into the tech industry

How Airbus built a security system to protect itself from IP theft — that German and US intelligence undermined (Computing) Back in 2003, while Airbus was still in the tricky process of designing the A380, the world's largest commercial passenger airliner, its then security auditor Andrew Phillipou stood up at a security conference in London to explain how the organisation intended to keep its trade secrets secret

Microsoft wants Verizon to hand over names of suspected Windows pirates (Computerworld) IP address is a dead end, says Microsoft

Lawyers threaten researcher over key-cloning bug in high-security lock (Ars Technica) "CyberLock" securing police and airports has critical vulnerabilities, report warns

Warrants not required for police to get your cell phone cell-site records (Ars Technica) Mobile callers' cell-tower history is fair game for cops — probable cause unnecessary

The Global Fight Against Cybercrime (Huffington Post) Cybercrime affects all of us. Every day, hundreds of thousands of malware samples are analysed: most used in random, speculative attacks on ordinary people engaged in banking, shopping or socialising online. However, the number of targeted attacks affecting large corporations and even government bodies has grown in recent years

Hackers: Who Are They and Why Are They So Hard to Stop? (NBC 6 South Florida) Computer hacking is big business, striking big business, the U.S. government, even the stock exchange

Accused game hacker flees to Europe, says he can't afford defence (Naked Security) In September 2014, the US indicted four men for allegedly using SQL injection and stolen employee login information to break into computer networks at Microsoft, Epic Games, Valve, Zombie Studios and the US Army, and for stealing unreleased gaming software, source code and proprietary Apache helicopter training software

Cryptocurrency maker Ripple Labs fined $700K for flouting financial regs (Ars Technica) Virtual currency wild west is done, registration as a Money Services Business required

For a complete running list of events, please visit the Event Tracker on the CyberWire website.

Newly Noted Events

Seventh Annual Information Security Summit (Los Angeles, California, USA, June 4 - 5, 2015) Information Security has become top of mind for companies and this conference is a must for IT staff, CISOs, Board members and CEOs. The Seventh Annual Information Security Summit offers comprehensive,...

Upcoming Events

Amsterdam 2015 FIRST Technical Colloquium (Amsterdam, the Netherlands, May 5 - 6, 2015) FIRST Technical Colloquia & Symposia provide a discussion forum for FIRST member teams and invited guests to share information about vulnerabilities, incidents, tools and all other issues that affect the...

California Cybersecurity Task Force Quarterly Meeting (Walnut Creek, California, USA, January 20, 2015) The California Cyber Security Task Force serves as an advisory body to California's senior government administration in matters pertaining to Cyber Security. Quarterly Cybersecurity Task Force meetings...

DaytonDefense Ohio Cyber Dialogue with Industry Conference (Dayton, Ohio, USA, May 6 - 7, 2015) Our Cyber Security conference presents how Cyber Security affects you as an individual, your company, and your nation, along with business opportunities in this growing area. You will walk away with an...

Suits and Spooks London (London, England, UK, September 12, 2014) On September 12th, in London's South bank neighborhood of Southwork, approximately 50 former intelligence officials, corporate executives, and security practitioners from the U.S. and the EU will gather...

Fraud Summit London (London, England, UK, May 7, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the London event include...

Apple Security Talks & Craft Beer (Laurel, Maryland, USA, May 8, 2015) The world's first security summit held at a production brewery. Join some of the world's best Apple security researchers as they talk about iOS, OS X, Apple hardware and other Apple-related security topics...

DzHack Event 2015 (Ben Aknoun, Algiers, Algeria, May 9, 2015) DzHackEvent is a security event will contain conferences, workshops, and a challenge (CTF). Aiming to bring together security professionals, students, searcher, ethical hacker enthusiasts or simply technology...

12th CISO Summit & Roundtable Geneva 2015 (Geneva, Switzerland, May 11 - 13, 2015) The 12th CISO Summit will give you direct insights from Europe's most experienced CISOs, you will get the latest top hot buttons and focuses from other CISOs for the coming 5 years — shared predictions...

NG Security Summit (San Antoino, Texas, USA, May 11 - 13, 2015) The NG Security Summit bringx together more than sixty-five relevant CISOs from the private and public sector for a high level summit where they will workshop to benchmark, identify, and tackle key challenges.

Cybergamut Tech Tuesday: An Hour in the Life of a Cyber Analyst (Hanover, Maryland, USA, May 12, 2015) This hands-on workshop will demonstrate how easy it is for a breach to occur by analyzing a virtualized web server environment. Participants will use open source tools such as port scanners and protocol...

MCRCon (Ypsilanti, Michigan, USA, May 12, 2015) Please join the Michigan Cyber Range for the third annual MCRCon cybersecurity conference. MCRCon 2015 will focus on hacking prevention, incident handling, forensics and post-event public relations. MCRCon...

Houston Secure World (Houston, Texas, USA, May 13, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

QuBit 2015 Cybersecurity Conference (Prague, Czech Republic, May 13 - 15, 2015) QuBit brings together top experts and leaders in the field, from the private sector, to academia, to government. The main topics this year are APTs, the Internet of Things, and Digital Forensics, which...

Michgan InfraGard 2015 Great Lakes Regional Conference: Securing Our Critical Infrastructures (Novi, Michigan, USA, May 14, 2015) Learn all about the risks to critical infrastructures and key resources and the efforts underway to protect them. Private and public sectors will be represented. The conference will include four breakout...

THOTCON 0x6 (Chicago, Illinois, USA, May 14 - 15, 2015) THOTCON (pronounced \ˈthȯt\ and taken from THree - One - Two) is a hacking conference based in Chicago IL, USA. This is a non profit non-commercial event looking to provide the best conference possible...

International Conference on Cyber Security (ICCS) 2015 (Redlands, California, USA, May 16 - 17, 2015) The ICCS 2015 serves as a platform for researchers and practitioners from academia, industry, and government to present, discuss, and exchange ideas that address real-world problems with CYBER SECURITY.

FS-ISAC & BITS Annual Summit (Miami Beach, Florida, USA, May 17 - 20, 2015) The Financial Services Information Sharing and Analysis Center (FS-ISAC), is a non-profit association comprised of financial institution members, that is dedicated to protecting the global financial services...

2015 Cyber Risk Insights Conference — Chicago (Chicago, Illinois, USA, May 18, 2015) Advisen again brings its acclaimed Cyber Risk Insights Conference series to Chicago with a full-day event addressing the critical privacy, network security and cyber insurance issues confronting risk professionals...

IEEE Symposium on Security and Privacy (San Francisco, California, USA, May 19 - 22, 2013) Since 1980, the IEEE Symposium on Security and Privacy has been the premier forum for the presentation of developments in computer security and electronic privacy, and for bringing together researchers...

Fraud Summit Chicago (Chicago, Illinois, USA, May 19, 2015) ISMG's Fraud Summit is a one-day event focused exclusively on the top fraud trends impacting organizations and the mitigation strategies to overcome those challenges. Highlights of the Chicago event include...

NCCOE Speaker Series: The Cyber Danger: Problems of Strategic Adaptation (Rockville, Maryland, USA, May 20, 2015) Lucas Kello (Senior Lecturer in International Relations / Director of Cyber Studies Program, Oxford University, and Associate of the Science, Technology & Public Policy Program, Belfer Center for Science...

3rd Annual Georgetown Cybersecurity Law Institute (Washington, DC, USA, May 20 - 21, 2015) In 2015, it is more important than ever that in-house and outside counsel stay abreast of the most current developments and best practices in cybersecurity. Those lawyers who ignore cyber threats are risking...

AFCEA Spring Intelligence Symposium 2015 (Springfield, Virginia, USA, May 20 - 21, 2015) The Symposium will be a one-of-a-kind event designed to set the tone and agenda for billions of dollars in IC investment. Leaders from all major IC agencies, from the ODNI, IARPA, and the National Intelligence...

SOURCE Conference (Boston, Massachusetts, USA, May 25 - 28, 2015) SOURCE is a computer security conference happening in Boston, Seattle, and Dublin that is focused on offering education in both the business and technical aspects of the security industry. The event's...

7th International Conference on Cyber Conflict (Tallinn, Estonia, May 26 - 29, 2015) CyCon is the annual NATO Cooperative Cyber Defence Centre of Excellence conference where topics vary from technical to legal, strategy and policy. The pre-conference workshop day, 26 May, features a variety...

HITBSecConf2015 Amsterdam (De Beurs van Berlage, Amsterdam, The Netherlands, May 26 - 29, 2015) This year's event will feature a new training courses. Keynote speakers include Marcia Hofmann and John Matherly. To encourage the spirit of inquisitiveness and innovation, Haxpo will showcase cutting...

1st Annual Billington Corporate Cybersecurity Summit (New York, New York, USA, May 27, 2015) Join Billington CyberSecurity's unparalleled network of cybersecurity professionals as they provide hard-earned insights and education to a high level and exclusive group of attendees from the corporate...

Atlanta Secure World (Atlanta, Georgia, USA, May 27 - 28, 2015) Join your fellow security professional for affordable, high-quality cybersecurity training and education at a regional conference near you. Earn CPE credits while learning from nationally recognized industry...

Techno Security & Forensics Investigations Conference (Myrtle Beach, South Carolina, USA, May 31 - June 3, 2015) The Seventeenth Annual International Techno Security & Forensics Investigations Conference will be held May 31 ? June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. This conference promises...

Mobile Forensics World (Myrtle Beach, South Carolina, USA, May 31 - June 3, 2015) The Eighth Annual Mobile Forensics World will also be held May 31 ? June 3 in sunny Myrtle Beach at the Myrtle Beach Marriott Resort. The Mobile Forensics World is specifically dedicated to Federal, State...

Grow your brand and reach new customers.

Grow your brand and increase your customer base by educating our audience about your products, services, and events by advertising on The CyberWire. We’ve built trust with an influential (and often hard to reach) audience of CISOs, CSOs, and other senior execs in the security space, across a wide array of industry verticals. Learn more.

Be a part of the CyberWire story.

People ask us (a lot) how they can support what we do. We have our sponsorships and services, of course, but those are not always within every supporter's financial reach, or it might just not be the right time for you to do those things. That's why we launched our new Patreon site, where we've created a wider variety of support levels, each with some new benefits. Our patrons are important to our future, and we hope you'll consider becoming one. We invite you to become part of the CyberWire story. Become a patron today.